Hackers Use Fake AI ‘Nudify’ Sites To Spread Malware

Image by Ramez E. Nassif from Unsplash

Hackers Use Fake AI ‘Nudify’ Sites To Spread Malware

Reading time: 3 min

In a Rush? Here are the Quick Facts!

  • Notorious Fin7 operates AI-based “nudify” websites to distribute malware, 404 Media reports.
  • Fin7 sites mimic AI deepfake platforms, attracting users interested in fringe tech.
  • These websites steal users’ login credentials and cryptocurrency wallets using malware.

A report from 404 Media published today has revealed that a network of AI-based “nudify” websites, which claim to undress photos using artificial intelligence, is actually being operated by the notorious Russian cybercrime group Fin7.

These websites are fronts for distributing malware, particularly targeting users’ login credentials and cryptocurrency wallets.

According to researchers from cybersecurity firm Silent Push, Fin7’s sites are designed to look like other popular AI-generated nonconsensual content sites.

However, instead of producing altered images, they infect users’ systems with RedLine, a type of malware known for stealing sensitive information from web browsers, as noted by 404 Media.

RedLine is currently among the most prevalent forms of infostealer malware, according to cybersecurity firm RecordedFuture, as reported by 404 Media.

The findings underline the increasing attractiveness of AI-generated deepfake tools, which are now being exploited by hackers to trap victims.

Fin7, which has been linked to major cyberattacks across the U.S., is using these sites as a new method of distributing malware.

Zach Edwards, a senior threat analyst at Silent Push, said to 404 Media that these platforms attract a specific demographic.

“They are looking for people who are doing borderline shady things to start with, and then having malware ready to serve to those people who are proactively hunting for something shady,” Edwards explained about Fin7’s strategy.

This approach is effective, he added, because victims are unlikely to report the hacks to authorities due to the illicit nature of their activities. Beyond setting up honeypots and luring users, it takes minimal effort to infect them.

404 Media discovered that one of these Fin7-run websites was listed on a major porn aggregator site, increasing its potential victim base. The aggregator site, which is frequently visited by people searching for nonconsensual image-sharing platforms, helped direct unsuspecting users to Fin7’s malware-infected domains.

In response to questions from 404 Media, Hostinger, the domain registrar for most of the fraudulent sites, blocked access to these domains.

404 Media points out that Fin7 has a long history of sophisticated cyberattacks, including the creation of fake penetration testing companies to trick victims into hacking on their behalf.

Despite claims by the U.S. Department of Justice last year that “Fin7 as an entity is no more,” this recent discovery confirms the group is still active and innovating new ways to ensnare victims, as noted by 404 Media.

Edwards will present Silent Push’s full findings at the Virus Bulletin cybersecurity conference this week.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...